MGASA-2014-0401

Advisory lineage Upstream: 2 Downstream: 0
Published: 07 Oct 2014, 09:22
Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

07 Oct 2014, 09:22
Published
Vulnerability first disclosed
16 Apr 2026, 06:24
Last Modified
Vulnerability information updated

Description

Updated libvirt packages fix security vulnerbilities Updated libvirt packages fix security vulnerabilities: An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633). A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive (CVE-2014-3657).

Affected Systems

  • mageialibvirt

    < 1.0.2-8.6.mga3

  • mageialibvirt

    < 1.2.1-1.2.mga4

References (4)